From: John B. <joh...@ne...> - 2001-11-28 15:01:00

> Basically my thought was that the user would have to tell Net::LDAP
> that they want to chase referrals by registering a sub which, given an
> LDAP URL, would create the connection and do the auth.
>
> I have not thought much beyond that, so if anyone wants to bounce a few
> ideas, go ahead

I think the ability to pass in a sub to do the bind is a good idea.
Presumably one concern is that chasing a referral attempts a bind to another server, which involves presenting credentials, sometimes a cleartext password.

Two thoughts are:

- a referral chase could perform an anonymous bind (fail-safe as regards password leakage) using the same protocol version [not by default, but as an option]
- a facility could be provided to declare a list of 'trusted' or 'equivalent' servers. Referrals to these servers should replay the original credentials if possible (perhaps falling back to the user-supplied sub if that fails).

Of course these could be accomplished with the 'sub' approach, but is either of the two bullets above useful behaviour?

regards,
jb
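
The bind policy discussed in this message, sketched as an added example (not code from Net::LDAP or from either poster): given a referral URL, it returns the ordered list of bind attempts. The names `parse_referral`, `bind_plan`, the `callback`/`anonymous` options and the host names are hypothetical, and the trusted list is constructed sample data.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical policy helper, not part of Net::LDAP.
# Constructed sample: servers declared 'trusted'/'equivalent', as host:port.
my %TRUSTED = map { (lc($_) => 1) }
    qw(ldap1.example.com:389 ldap2.example.com:636);
my %DEFAULT_PORT = (ldap => 389, ldaps => 636);

# Split an LDAP URL into (scheme, host, port); empty list if it does not
# parse. Userinfo ("user@host") and non-LDAP schemes are rejected, and
# IPv6 literals are not handled in this sketch.
sub parse_referral {
    my ($url) = @_;
    return unless defined $url
        && $url =~ m{\A(ldaps?)://([A-Za-z0-9.-]+)(?::([0-9]{1,5}))?(?:[/?]|\z)}i;
    my ($scheme, $host, $port) = (lc($1), lc($2), $3);
    $port = defined $port ? $port + 0 : $DEFAULT_PORT{$scheme};
    return ($scheme, $host, $port);
}

# Ordered bind attempts for one referral. An empty list means "do not
# chase": hand the referral back to the caller and send no credentials.
sub bind_plan {
    my ($url, %opt) = @_;    # callback => coderef, anonymous => bool
    my ($scheme, $host, $port) = parse_referral($url) or return ();
    my @plan;
    # Exact host:port match only, so a look-alike name with a trusted
    # prefix or suffix never receives the original credentials.
    push @plan, 'replay'    if $TRUSTED{"$host:$port"};
    # User-registered sub: first choice for untrusted servers, fallback
    # after a failed replay for trusted ones.
    push @plan, 'callback'  if ref($opt{callback}) eq 'CODE';
    # Anonymous bind is opt-in and only used when nothing else applies.
    push @plan, 'anonymous' if $opt{anonymous} && !@plan;
    return @plan;
}

# Constructed referral URLs.
for my $url ('ldap://ldap1.example.com/dc=example,dc=com',
             'ldaps://LDAP2.example.com:636/ou=people,dc=example,dc=com',
             'ldap://other.example.net/dc=example,dc=net',
             'ldap://ldap1.example.com.example.net/dc=example,dc=net',
             'ldap://ldap1.example.com@other.example.net/',
             'http://ldap1.example.com/') {
    my @plan = bind_plan($url, anonymous => 1);
    printf "%-58s %s\n", $url, @plan ? join(' -> ', @plan) : 'do not chase';
}
```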